As a global leader in financial services, Mastercard balances a commitment to innovation with a responsible approach to AI risks. At enterprise scale, AI Governance requires assessing and mitigating risk across a complex collection of hundreds of internally and externally developed AI systems. Given Mastercard’s global reach and broad scope of operations, success in AI Governance also involves navigating a complex regulatory and compliance landscape. Generative AI shifted the governance landscape, bringing a new wave of suppliers and solutions, unprecedented ease of access and demand for solutions, and novel risk profiles. As the potential enterprise uses of Generative AI grew into the hundreds, Mastercard saw that mitigating a broad range of risks through existing processes would be time consuming and could limit innovation. Mastercard partnered with Credo AI to deliver a scalable, sustainable and highly reliable system of Generative AI governance.
As a global technology company in the payments sector, Mastercard’s mission is to power economies and empower people. In 2023, Mastercard’s network facilitated more than 143 billion transactions in the blink of an eye. Across 210 countries, in more than 150 currencies, every time people swipe, tap, or dip their Mastercard, it is because they trust their information is safe.
Mastercard has been powering its technologies using AI for decades and has integrated AI across its diverse business operations to make payments safer and smarter, to create internal efficiencies, and to personalize services and provide data driven insights to its customers and its customers’ customers.
As Generative AI technologies advanced, Mastercard saw an opportunity to reinvent existing practices and products. Mastercard appointed an executive steering committee to review new ideas, and invited product owners and employees across the company to determine how Generative AI might empower them. The number of Generative AI uses quickly surged into the hundreds. The variety of solutions and risk profiles grew alongside volume.Â
While Mastercard was keen to move quickly, its leaders saw the importance of ensuring risk controls while innovating. Mastercard’s leaders set a clear objective: to bring together risk management activities to work just as quickly and effectively as before, while assessing a higher volume of AI systems against a more varied risk profile.
Mastercard’s Data and AI Strategy group, under the Chief Data Officer, took the lead; their first action was to define a process that would coordinate between risk management functions that included Information Security, Data Privacy, and AI Governance. The group quickly realized that good tooling that could support a streamlined, multi-party governance process would be key to Mastercard’s success.Â
In addition to their immediate tooling need, Mastercard saw the need for a partner, an engaged and aligned developer who could predict and respond to shifts in the Generative AI landscape while supporting fast, collaborative and reliable vendor vetting, ongoing compliance monitoring, and centralized oversight.
To address this opportunity, Mastercard turned to Credo AI, an AI governance platform that streamlines responsible AI adoption by automating AI oversight, risk mitigation and regulatory compliance. Credo AI offers capabilities that enabled Mastercard to address the volume, velocity and variety of the company’s Generative AI needs.
Key features of the Credo AI Platform that accelerated Mastercard’s innovation and AI governance journey included:
With Generative AI, risks to the enterprise expanded to include enhanced security risks, IP risks, data exfiltration and reuse risks specific to Generative AI, and branding/tone of voice considerations. A broader group of risk management parties needed to be involved in assessing Generative AI solutions, and a central concern was how processes could be streamlined and communicated across this group.
Credo AI provided Mastercard with a centralized AI Registry for tracking all AI projects, including internally developed and third-party applications. This AI Registry became the place for tracking all Generative AI uses and tooling, and was used by risk and governance teams, stakeholders and executive leaders to understand Generative AI adoption across the enterprise.
Mastercard used Credo AI’s well-developed customization features to create a Generative AI intake questionnaire customized to their risk management profile. Mastercard’s product and use case owners applied this questionnaire to collect evidence for each use case in the AI Registry. Credo AI enabled Mastercard to easily implement their enterprise risk categorization framework. Credo AI used this evidence and the risk categorization framework to identify the risk category of each Generative AI use case, routed use cases to the right level of oversight, and oversaw risk management to ensure that appropriate process was executed upon for each use case.
Credo AI’s registry and automation tooling substantially reduced the time and effort involved to review new generative AI use cases across a broad set of risk management stakeholders. This allowed Mastercard’s AI Governance team to focus on their most important job: deciding which use cases should be approved, and what conditions should apply to those approvals.
As hundreds of Generative AI use cases moved through review and approval, Mastercard needed to manage and coordinate review and approval. The company wanted to move fast, and needed a solution that could reduce the time-to-governance for each use case.
Credo AI facilitated a faster and more  centralized review process for new Generative AI use cases at Mastercard. When Mastercard’s product owners submit a new Use Case for review, Credo AI automatically manages to notify reviewers across the AI Governance, Security, Legal, Privacy, Brand, Technology and Strategy functions. When reviewers leave their feedback directly in Credo AI, this populates a persistent audit trail of reviews and approvals. When reviewers identified a risk or necessary guidance for the product owner, they were able to issue this guidance through Credo AI and secure acknowledgment from the product owner. These features enabled a broad team to work faster and more effectively than ever before to review Generative AI use cases and manage risk.
Third-party components are a key piece in Mastercard’s Generative AI adoption strategy, and the company leverages a broad range of externally developed Generative AI components, from third-party LLMs and SLMs, to fine-tuned and specific-purpose solutions, to development platforms that would let internal employees build and tune their own products.
Mastercard and Credo AI needed to manage a broader range of risks across a broader variety of products, and both parties saw the critical need to collect accurate, complete evidence from vendors. To serve this need, Credo AI launched the Credo AI Vendor Portal, which significantly transformed how Mastercard manages third-party relationships with AI vendors.
Through the Vendor Portal, Mastercard collects evidence directly from vendors, validates it for completeness and utility as part of the review process, and stores it alongside Mastercard’s own evaluations and assessments. The Vendor Portal has significantly reduced the amount of human effort involved in requesting and validating information from vendors, and enables Mastercard to vet the quality of vendor solutions more completely and accurately than ever before.
Using the Credo AI Platform, Mastercard is able to manage AI risk and responsibly implement generative AI – with better speed and scale than ever before. Features like AI Registry and Vendor Registry have allowed us to maintain control of all AI use cases, to ensure all of our AI at Mastercard aligns to our governance frameworks and principles.
Credo AI’s platform and long-standing partnership with Mastercard have supported quick, thorough and scalable assessment of Generative AI risks. Some immediate impacts include:
Credo AI has enabled Mastercard to streamline and expand review processes to manage many risks simultaneously. The resulting solution assesses more risks at a reduced time-to-governance.
The Registry and Credo AI’s strong portfolio management tools allow Mastercard’s strategy function to manage and report on the progress of Generative AI across the enterprise, building and maintaining executive and stakeholder trust. Credo AI also provides a consistent and complete audit trail, empowering risk management and audit functions to confirm that the enterprise is innovating responsibly.
Mastercard and Credo AI share a common vision of responsible innovation. Mastercard is a frontrunner in operationalized AI Governance, guided by its Data and Tech principles and committed to the ethical, responsible, and human-centric development and use of AI.
Mastercard and Credo AI share a common vision of responsible innovation. Mastercard is a frontrunner in operationalized AI Governance, guided by its Data and Tech principles and committed to the ethical, responsible, and human-centric development and use of AI.
Inventory your AI use cases and operationalize contextual AI governance across your entire enterprise in one scalable platform.
Learn more about the AI Governance Academy, and learn from the Credo AI team—pioneers in AI governance and Responsible AI.